Hey everyone, I intend to write this one down to express my methodology for this bug that I found in one of the best earning apps.

I was searching the Google Play Store for “Real Money Earning apps” and I selected the first one. I created an account and started earning money. When I had earned up to 1.08 dollars in 1 week :( I decided to cash out this money, so I clicked on the cashout button in the app. It redirected me to the account on their web page.

Now I changed mymail@ to test@ and the web page's result was “Please correct your Client-id and user-key”.

Now it was time to dig in more. There was a chat feature in the app, and I decided to dig into it. I opened my account in Firefox, which is configured with Burp, and the test account on my phone. I messaged my account from the test account. I received a notification and intercepted the notification message. Clicking on it shows all the info related to the message, and it also showed me the user id and user key in the Burp Repeater response.